2.3

Question 1

Most organizations have multiple, separate __________ designed to provide isolation between the functions of development, test, staging, and production.

Answer 1

Environment

Question 2

Is a type of environment that is sized, configured, and set up for developing applications and systems.

Answer 2

Development environment

Question 3

Is a type of environment that is used to test a system fully prior to deploying it into production to ensure that it is bug-free and will not disrupt the production environment.

Answer 3

Test environment

Question 4

Is an optional environment, but it is commonly used when an organization has multiple production environments. Primary purpose is to serve as a sandbox after testing, so the test system can test the next set while the current set is deployed across the enterprise.

Answer 4

Staging environment

Question 5

Is a type of environment where the systems work with real data, doing the business that the system is intended to perform.

Answer 5

Production environment

Question 6

Is a common step in any manufacturing process that ensures the delivery of high-quality software or IT systems. The primary goal of this step is to verify and validate that a product or system meets specified requirements and adheres to established standards.

Answer 6

Quality assurance (QA)

Question 7

Is the process of assigning permissions or authorities to objects. Users can be provisioned into group, and computer processes or threads can be provisioned to higher levels of authority when executing.

Answer 7

Provisioning

Question 8

Is the removal of permissions or authorities.

Answer 8

deprovisioning

Question 9

Refers to the process of verifying and ensuring the integrity of software, systems, or data.

Answer 9

Integrity measurement

Question 10

Refers to organizing data to minimize redundancy and dependency. It helps in preventing anomalies and inconsistencies in data, which can be exploited by attackers.

Answer 10

Normalization

Question 11

These are precompiled SQL queries stored on the database server. They enhance security by allowing the database to execute specific tasks without exposing the underlying code to potential attackers.

Answer 11

Stored procedures

Question 12

This involves intentionally making code or data unclear. It’s used to deter and thwart attackers attempting to analyze or exploit the system.

Answer 12

Obfuscation/camouflage

Question 13

Involves leveraging existing code for new purposes, which can introduce security risks if the reused code contains vulnerabilities.

Answer 13

Code reuse

Question 14

Refers to code that is no longer used but still present in the system, which can create security holes if not properly managed.

Answer 14

Dead code

Question 15

Critical value checks or security checks should be performed on the ___________-side.

Answer 15

Server-side

Question 16

Critical value checks or security checks should not be performed on the ___________-side.

Answer 16

client-side

Question 17

Involves allocating and deallocating memory resources efficiently to prevent memory-related vulnerabilities like buffer overflows.

Answer 17

Memory management

Question 18

Software developers use packaged sets of software programs and tools called __________ to create apps for specific vender platforms.

Answer 18

software development kits (SDKs)

Question 19

Is the loss of control over data from a system during operations.

Answer 19

Data exposure

Question 20

An organization that provides resources, tools, and guidelines for improving web application security.

Answer 20

Open Web Application
Security Project (OWASP)

Question 21

Software that translates source code into machine code or executable code.

Answer 21

Compiler

Question 22

Executable machine code that computers can directly execute. 1’s and 0’s.

Answer 22

Binary

Question 23

Involves using ________________ to perform repetitive tasks.

Answer 23

Automation/scripting

Question 24

Predefined responses or actions triggered automatically by security events or alerts.

Answer 24

Automated courses of action

Question 25

Term used to describe the technologies and processes employed to enable rapid detection of compliance issues and security risks.

Answer 25

Continuous monitoring

Question 26

Regularly verifying that code is secure and compliant with security policies and standards.

Answer 26

Continuous validation

Question 27

Continually updating and improving the production codebase.

Answer 27

Continuous integration

Question 28

Is a natural extension of continuous integration. Allows new changes to production to be released quickly and sustainably.

Answer 28

Continuous delivery

Question 29

Is continuous delivery on autopilot. It goes one step further than continuous delivery in that the release is automatic.

Answer 29

Continuous deployment

Question 30

Is the characteristic that something is capable of change without breaking.

Answer 30

Elasticity

Question 31

Is the characteristic of a software system to process higher workloads on its current resources (scale up) or on additional resources (scale out) without interruption.

Answer 31

Scalability

Question 32

The practice of tracking and managing changes to software code and configuration files.

Answer 32

Version control